
rkhunter install

Author: 리눅스 엔지니어였던 ("formerly a Linux engineer"), 2008. 9. 15. 18:33

[Rootkit Hunter]

Homepage: http://www.rootkit.nl/projects/rootkit_hunter.html
Download: http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz?modtime=1204134588&big_mirror=0
          (latest version : 1.3.2 - 20080320)

cd /home/kkang/

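## Quote the URL (an unquoted '&' ends the command in the shell) and name the output file
wget -O rkhunter-1.3.2.tar.gz 'http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz?modtime=1204134588&big_mirror=0'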

tar xvfzp rkhunter-1.3.2.tar.gz

cd rkhunter-1.3.2

./installer.sh --layout default --install

cd files

./rkhunter --update  ## Check for updated data files

./rkhunter --propupd  ## Update the file properties database

./rkhunter --check   ## Rootkit check

##[Report]##
Checking system commands...
Checking for rootkits...
Checking the network...
Checking the local host...
Checking application versions...


System checks summary
=====================

File properties checks...
    Files checked: 130
    Suspect files: 6

Rootkit checks...
    Rootkits checked : 114
    Possible rootkits: 0

Applications checks...
    Applications checked: 6
    Suspect applications: 0

    ..............


./rkhunter --check --rwo  ## Report only warning messages

Warning: The file properties have changed:
         File: /usr/bin/GET
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The file properties have changed:
         File: /usr/bin/groups
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The file properties have changed:
         File: /usr/bin/ldd
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The file properties have changed:
         File: /usr/bin/whatis
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The file properties have changed:
         File: /sbin/ifdown
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The file properties have changed:
         File: /sbin/ifup
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

Warning: The SSH configuration option 'PermitRootLogin' has not been set.
         The default value may be 'yes', to allow root access.
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
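
The --rwo output above reports each command twice (a file-properties warning and a "replaced by a script" warning), so the following added example, which is not part of the original post or of rkhunter, merges the warnings into one record per path and flags any path whose mode gained bits relative to the stored baseline. The sample text is constructed in the same format; /tmp/example-tool and its 4755 mode are hypothetical.

```python
import re

# Constructed sample in the format of the --rwo output above (shortened).
SAMPLE = """\
Warning: The file properties have changed:
         File: /usr/bin/ldd
         Current permissions: 0700    Stored permissions: 0755
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The file properties have changed:
         File: /tmp/example-tool
         Current permissions: 4755    Stored permissions: 0755
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
         The default value may be 'yes', to allow root access.
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
"""

FILE_RE = re.compile(r"^\s+File: (\S+)")
PERM_RE = re.compile(r"Current permissions: ([0-7]+)\s+Stored permissions: ([0-7]+)")
SCRIPT_RE = re.compile(r"^Warning: The command '([^']+)' has been replaced by a script: \S+: (.+)$")
HIDDEN_RE = re.compile(r"^Warning: Hidden file found: (\S+): (.+)$")

def parse_rwo(text):
    """Merge rkhunter --rwo warnings into one record per path, plus other warnings."""
    files, other, current = {}, [], None
    for line in text.splitlines():
        if line.startswith("Warning:"):
            current = None                      # each warning starts a new block
        if m := FILE_RE.match(line):
            current = files.setdefault(m.group(1), {})
        elif (m := PERM_RE.search(line)) and current is not None:
            cur, stored = int(m.group(1), 8), int(m.group(2), 8)
            current["perms"] = (m.group(1), m.group(2))          # (current, stored)
            current["bits_added"] = oct(cur & ~stored & 0o7777)  # bits granted since baseline
        elif m := SCRIPT_RE.match(line):
            files.setdefault(m.group(1), {})["script"] = m.group(2)
        elif m := HIDDEN_RE.match(line):
            files.setdefault(m.group(1), {})["hidden"] = m.group(2)
        elif line.startswith("Warning:") and not line.endswith("changed:"):
            other.append(line[len("Warning: "):])
    return files, other

def review_first(files):
    """Paths whose mode gained bits (for example setuid) relative to the stored baseline."""
    return sorted(p for p, r in files.items() if r.get("bits_added", "0o0") != "0o0")

if __name__ == "__main__":
    files, other = parse_rwo(SAMPLE)
    for path, rec in files.items():
        print(path, rec)
    print("review first:", review_first(files))
    print("other warnings:", other)
```

To use it on a real run, pass the saved output of ./rkhunter --check --rwo to parse_rwo() in place of SAMPLE.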